CVE-2024-4879

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-4879
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293 Permissions Required
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293 Permissions Required
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154 Vendor Advisory
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154 Vendor Advisory
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit Press/Media Coverage Third Party Advisory
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit Press/Media Coverage Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:early_availability:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_9:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_10:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_10_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_10_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_10a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_10a_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_3b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_4b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_5_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_6_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_6_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_8_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1b:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:servicenow:servicenow:vancouver:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_5_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_9:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_10:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_1:*:*:*:*:*:*
History

27 Nov 2024, 19:07

Type Values Removed Values Added
References () https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit - Press/Media Coverage () https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit - Press/Media Coverage, Third Party Advisory
CPE cpe:2.3:a:servicenow:servicenow:vancouver:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_8_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_5_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_4b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_5_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_10_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_10_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_6_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_9:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_10a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_3b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_6_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:early_availability:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_10a_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_10:*:*:*:*:*:*

30 Jul 2024, 15:13

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_9:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_10:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2b:*:*:*:*:*:*
References () https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit - () https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit - Press/Media Coverage
References () https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154 - () https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154 - Vendor Advisory
References () https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293 - () https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293 - Permissions Required
CWE NVD-CWE-Other
First Time Servicenow
Servicenow servicenow

29 Jul 2024, 23:15

Type Values Removed Values Added
References
  • () https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit -

10 Jul 2024, 18:15

Type Values Removed Values Added
Summary ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington, D.C. Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

10 Jul 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-10 17:15

Updated : 2024-11-27 19:07

NVD link : CVE-2024-4879

Mitre link : CVE-2024-4879

JSON object : View

Products Affected

servicenow

  • servicenow
CWE
NVD-CWE-Other